Beispiel #1
0
def test_new_user_not_authed():
    try:
        ru = User.create_user("teacher_coll1")
        User.create_new_user(ru, 'college-1', 'first', 'last')
        assert False
    except Exception as e:
        assert "teacher_coll1" in str(e)
Beispiel #2
0
def test_new_user_not_allowed():
    try:
        ru = User.create_user("student_coll1_1", "cows")
        User.create_new_user(ru, 'college-1', 'first', 'last')
        assert False
    except Exception as e:
        assert "student_coll1_1" in str(e)
Beispiel #3
0
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404

    if change_request.age > timedelta(days = 2):
        return "Request not valid", 410

    if change_request.verify_code != code:
        return "Invalid verification code", 403

    log_action('changing email', user = username, new_email = change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200
Beispiel #4
0
 def helper(username, password):
     u = User.create_user(username, password)
     u1 = User.create_user(username, password)
     assert u.can_view(u), "should be able to same instance"
     assert u.can_view(u1), "should be able to see other authenticated self"
     u2 = User.create_user(username)
     assert u.can_view(u2), "should be able to see other plain self"
Beispiel #5
0
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404, PLAINTEXT_HEADER

    email_change_days = config.config.getint('nemesis', 'email_change_days')
    max_age = timedelta(days = email_change_days)

    if change_request.age > max_age:
        return "Request not valid", 410, PLAINTEXT_HEADER

    if change_request.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('changing email', user = username, new_email = change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200, PLAINTEXT_HEADER
Beispiel #6
0
def test_email_change_request():
    """ Test that change requests via POST at /user/ are handled correclty. """
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"
    params = {
        "username": "******",
        "password": "******",
        "new_email": new_email,
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200, data
    user = User(username)
    assert user.email == old_email

    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    assert toaddr == new_email

    vars = ps.template_vars
    first_name = user.first_name
    assert first_name == vars['name']

    template = ps.template_name
    assert template == 'change_email'

    test_helpers.assert_load_template(template, vars)

    pe = PendingEmail(username)
    assert pe.in_db
    assert pe.new_email == new_email
def test_student_post_doesnt_set_first_last_name():
    old_first = "student1i"
    old_last = "student"

    params = {
        "username": "******",
        "password": "******",
        "new_first_name": "asdf",
        "new_last_name": "cheese",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    details_dict = User("student_coll1_1").details_dictionary_for(
        User.create_user("student_coll1_1", "cows"))

    # restore original data
    u = User("student_coll1_1")
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()

    assert details_dict["first_name"] == old_first
    assert details_dict["last_name"] == old_last
Beispiel #8
0
def test_authed_teachers_cant_see_blueshirt():
    u1 = User.create_user("teacher_coll1", "facebees")
    u2 = User.create_user("teacher_coll2", "noway")
    users = [u1, u2]
    a = User.create_user("blueshirt")

    assert not any([u.can_administrate(a) for u in users])
Beispiel #9
0
def test_new_user_wrong_college():
    try:
        ru = User.create_user("teacher_coll1", "facebees")
        User.create_new_user(ru, 'college-2', 'first', 'last')
        assert False
    except Exception as e:
        assert "teacher_coll1" in str(e)
        assert 'college-2' in str(e)
Beispiel #10
0
def register_user(requesting_user):
    if not requesting_user.can_register_users:
        return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}), 403

    teacher_username = requesting_user.username
    college_group    = request.form["college"].strip()
    first_name       = request.form["first_name"].strip()
    last_name        = request.form["last_name"].strip()
    email            = request.form["email"].strip()
    team             = request.form["team"].strip()

    if College(college_group) not in requesting_user.colleges:
        return json.dumps({"error":"BAD_COLLEGE"}), 403

    if team not in [t.name for t in College(college_group).teams]:
        return json.dumps({"error":"BAD_TEAM"}), 403

    if not helpers.is_email_valid(email):
        return json.dumps({"error":"BAD_EMAIL"}), 403

    if not helpers.is_name_valid(first_name):
        return json.dumps({"error":"BAD_FIRST_NAME"}), 403

    if not helpers.is_name_valid(last_name):
        return json.dumps({"error":"BAD_LAST_NAME"}), 403

    if User.name_used(first_name, last_name) or helpers.email_used(email):
        return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403

    u = User.create_new_user(requesting_user, college_group, first_name, last_name)
    verify_code = helpers.create_verify_code(u.username, email)

    pu = PendingUser(u.username)
    pu.teacher_username = teacher_username
    pu.college = college_group
    pu.email = email
    pu.team = team
    pu.verify_code = verify_code
    pu.save()

    log_action('registering user', pu)

    url = url_for('activate_account', username=u.username, code=verify_code, _external=True)
    pu.send_welcome_email(first_name, url)

    rqu_email_vars = { 'name': requesting_user.first_name,
            'activation_days': ACTIVATION_DAYS,
              'pu_first_name': first_name,
               'pu_last_name': last_name,
                'pu_username': pu.username,
                 'pu_college': College(pu.college).name,
                   'pu_email': pu.email,
                    'pu_team': pu.team
                      }
    mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars)

    return "{}", 202
Beispiel #11
0
def form_helper(rq_user, rq_pass, new_fname, new_lname):
    new_email = "*****@*****.**"
    params = {
        "username": rq_user,
        "password": rq_pass,
        "first_name": new_fname,
        "last_name": new_lname,
        "email": new_email,
        "team": "team-ABC",
        "college": "college-1"
    }

    r, data = test_helpers.server_post("/registrations", params)
    status = r.status
    assert status == 202, data

    created = User.create_user('1_rt1')
    assert created.email == ''

    pending = PendingUser('1_rt1')
    assert pending.email == "*****@*****.**"
    assert pending.team == "team-ABC"
    assert pending.college == "college-1"

    email_datas = test_helpers.last_n_emails(2)

    student_ps = email_datas[0]
    template = student_ps.template_name
    assert template == 'new_user'
    to = student_ps.toaddr
    assert to == new_email
    vars = student_ps.template_vars
    assert new_fname == vars['name']
    vcode = pending.verify_code
    assert vcode in vars['activation_url']

    test_helpers.assert_load_template(template, vars)

    teacher = User.create_user(rq_user)

    teacher_ps = email_datas[1]
    template = teacher_ps.template_name
    assert template == 'user_requested'
    to = teacher_ps.toaddr
    assert to == teacher.email
    vars = teacher_ps.template_vars
    assert new_fname == vars['pu_first_name']
    assert new_lname == vars['pu_last_name']
    assert new_email == vars['pu_email']
    assert '1_rt1' == vars['pu_username']
    assert 'team-ABC' == vars['pu_team']
    assert 'college the first' == vars['pu_college']

    vars_str = teacher_ps.template_vars_json
    assert vcode not in vars_str, "Should not contain the verification code."

    test_helpers.assert_load_template(template, vars)
Beispiel #12
0
def set_user_details(requesting_user, userid):
    user_to_update = User.create_user(userid)
    can_admin = requesting_user.can_administrate(user_to_update)

    if request.form.get(
            "media_consent"
    ) == 'true' and requesting_user.can_record_media_consent:
        if not user_to_update.has_media_consent:
            user_to_update.got_media_consent()
            notify_ticket_available(user_to_update)
            user_to_update.save()

        if not can_admin:
            return '{}', 200

    elif not can_admin:
        return AUTHORIZATION_DENIED

    assert can_admin

    user_to_update = User.create_user(userid)
    if request.form.has_key("new_email") and not requesting_user.is_blueshirt:
        new_email = request.form["new_email"]
        request_new_email(user_to_update, new_email)
    # Students aren't allowed to update their own names
    # at this point, if the requesting_user is valid, we know it's a self-edit
    if not requesting_user.is_student:
        fname = request.form.get("new_first_name")
        if fname:
            user_to_update.set_first_name(fname)
        lname = request.form.get("new_last_name")
        if lname:
            user_to_update.set_last_name(lname)
    if request.form.has_key("new_team"):
        team = request.form["new_team"]
        if (not user_to_update.is_blueshirt
            ) and requesting_user.manages_team(team):
            user_to_update.set_team(team)
    if request.form.has_key(
            "new_type"
    ) and requesting_user.is_teacher and user_to_update != requesting_user:
        if request.form["new_type"] == 'student':
            user_to_update.make_student()
        elif request.form["new_type"] == 'team-leader':
            user_to_update.make_teacher()
    if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \
        and requesting_user.can_withdraw(user_to_update):
        user_to_update.withdraw()

    user_to_update.save()

    # Do this separately and last because it makes an immediate change
    # to the underlying database, rather than waiting for save().
    if request.form.has_key("new_password"):
        user_to_update.set_password(request.form["new_password"])

    return '{}', 200
def form_helper(rq_user, rq_pass, new_fname, new_lname):
    new_email = "*****@*****.**"
    params = {"username":rq_user,
              "password":rq_pass,
              "first_name":new_fname,
              "last_name":new_lname,
              "email":new_email,
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)
    status = r.status
    assert status == 202, data

    created = User.create_user('1_rt1')
    assert created.email == ''

    pending = PendingUser('1_rt1')
    assert pending.email == "*****@*****.**"
    assert pending.team == "team-ABC"
    assert pending.college == "college-1"

    email_datas = test_helpers.last_n_emails(2)

    student_ps = email_datas[0]
    template = student_ps.template_name
    assert template == 'new_user'
    to = student_ps.toaddr
    assert to == new_email
    vars = student_ps.template_vars
    assert new_fname == vars['name']
    vcode = pending.verify_code
    assert vcode in vars['activation_url']

    test_helpers.assert_load_template(template, vars)

    teacher = User.create_user(rq_user)

    teacher_ps = email_datas[1]
    template = teacher_ps.template_name
    assert template == 'user_requested'
    to = teacher_ps.toaddr
    assert to == teacher.email
    vars = teacher_ps.template_vars
    assert new_fname == vars['pu_first_name']
    assert new_lname == vars['pu_last_name']
    assert new_email == vars['pu_email']
    assert '1_rt1' == vars['pu_username']
    assert 'team-ABC' == vars['pu_team']
    assert 'college the first' == vars['pu_college']

    vars_str = teacher_ps.template_vars_json
    assert vcode not in vars_str, "Should not contain the verification code."

    test_helpers.assert_load_template(template, vars)
Beispiel #14
0
def test_post_sets_own_password_and_name():
    old_password = "******"
    new_password = '******'
    old_first = "Blue"
    old_last  = "Shirt"

    params = {"username":"******",
              "password":old_password,
              "new_password":new_password,
              "new_first_name":'new_first',
              "new_last_name":'new_last',
              }

    r,data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    first = u.first_name
    last = u.last_name
    u.set_password(old_password)
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()

    assert first == 'new_first'
    assert last == 'new_last'
Beispiel #15
0
def clear_old_registrations():
    for pu in PendingUser.ListAll():
        # deliberately a larger delta than we restrict against to avoid
        # accidentally removing vaild entries
        if pu.age > timedelta(days = 3):
            pu.delete()
            expired = User(pu.username)
            expired.delete()

            team_leader = User(pu.teacher_username)
            inform_team_lead_registration_expired(team_leader, expired)
Beispiel #16
0
    def helper(other_username):
        blueshirt = User.create_user("blueshirt-extra", "blueshirt")
        competitor = User.create_user(other_username)
        assert blueshirt.can_view(competitor), "Sanity check"
        details = competitor.details_dictionary_for(blueshirt)
        for keyname in ["username", "first_name", "last_name", "is_student", \
                        "is_team_leader", "has_withdrawn", "has_media_consent", \
                        "teams", "colleges"]:
            assert keyname in details

        assert not 'email' in details, "No need to be able to see their email"
Beispiel #17
0
def test_post_doesnt_set_blank_last_name():
    old_last = User("student_coll1_1").last_name
    params = {
        "username": "******",
        "password": "******",
        "new_last_name": "",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200
    assert User("student_coll1_1").last_name == old_last
Beispiel #18
0
def test_set_password():
    u = User.create_user("teacher_coll1", "facebees")
    u.set_password("bacon")
    u.save()

    u = User.create_user("teacher_coll1", "bacon")

    assert u.can_administrate("student_coll1_1")

    u.set_password("facebees")
    u.save()
Beispiel #19
0
def test_registration_rq_from_blueshirt():
    new_email = "*****@*****.**"
    params = {
        "username": "******",
        "password": "******",
        "first_name": NEW_USER_FNAME,
        "last_name": NEW_USER_LNAME,
        "email": new_email,
        "team": "team-ABC",
        "college": "college-1",
    }

    r, data = test_helpers.server_post("/registrations", params)
    status = r.status
    assert status == 202, data

    created = User.create_user("1_rt1")
    assert created.email == ""

    pending = PendingUser("1_rt1")
    assert pending.email == "*****@*****.**"
    assert pending.team == "team-ABC"
    assert pending.college == "college-1"

    email_datas = test_helpers.last_n_emails(2)

    student_ps = email_datas[0]
    template = student_ps.template_name
    assert template == "new_user"
    to = student_ps.toaddr
    assert to == new_email
    vars = student_ps.template_vars
    assert NEW_USER_FNAME == vars["name"]
    vcode = pending.verify_code
    assert vcode in vars["activation_url"]

    teacher = User.create_user("blueshirt")

    teacher_ps = email_datas[1]
    template = teacher_ps.template_name
    assert template == "user_requested"
    to = teacher_ps.toaddr
    assert to == teacher.email
    vars = teacher_ps.template_vars
    assert NEW_USER_FNAME == vars["pu_first_name"]
    assert NEW_USER_LNAME == vars["pu_last_name"]
    assert new_email == vars["pu_email"]
    assert "1_rt1" == vars["pu_username"]
    assert "team-ABC" == vars["pu_team"]
    assert "college the first" == vars["pu_college"]

    vars_str = teacher_ps.template_vars_json
    assert vcode not in vars_str, "Should not contain the verification code."
Beispiel #20
0
def clear_old_registrations():
    for pu in PendingUser.ListAll():
        # deliberately a larger delta than we restrict against to avoid
        # accidentally removing vaild entries
        if pu.age > timedelta(days=3):
            log_action('expiring registration', pu)
            pu.delete()
            expired = User(pu.username)
            expired.delete()

            team_leader = User(pu.teacher_username)
            inform_team_lead_registration_expired(team_leader, expired)
Beispiel #21
0
def set_user_details(requesting_user, userid):
    user_to_update = User.create_user(userid)
    can_admin = requesting_user.can_administrate(user_to_update)

    if request.form.get("media_consent") == 'true' and requesting_user.can_record_media_consent:
        if not user_to_update.has_media_consent:
            user_to_update.got_media_consent()
            notify_ticket_available(user_to_update)
            user_to_update.save()

        if not can_admin:
            return '{}', 200

    elif not can_admin:
        return AUTHORIZATION_DENIED

    assert can_admin

    user_to_update = User.create_user(userid)
    if request.form.has_key("new_email") and not requesting_user.is_blueshirt:
        new_email = request.form["new_email"]
        request_new_email(user_to_update, new_email)
    # Students aren't allowed to update their own names
    # at this point, if the requesting_user is valid, we know it's a self-edit
    if not requesting_user.is_student:
        fname = request.form.get("new_first_name")
        if fname:
            user_to_update.set_first_name(fname)
        lname = request.form.get("new_last_name")
        if lname:
            user_to_update.set_last_name(lname)
    if request.form.has_key("new_team"):
        team = request.form["new_team"]
        if (not user_to_update.is_blueshirt) and requesting_user.manages_team(team):
            user_to_update.set_team(team)
    if request.form.has_key("new_type") and requesting_user.is_teacher and user_to_update != requesting_user:
        if request.form["new_type"] == 'student':
            user_to_update.make_student()
        elif request.form["new_type"] == 'team-leader':
            user_to_update.make_teacher()
    if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \
        and requesting_user.can_withdraw(user_to_update):
        user_to_update.withdraw()

    user_to_update.save()

    # Do this separately and last because it makes an immediate change
    # to the underlying database, rather than waiting for save().
    if request.form.has_key("new_password"):
        user_to_update.set_password(request.form["new_password"])

    return '{}', 200
Beispiel #22
0
def register_user():
    ah = AuthHelper(request)
    if ah.auth_will_succeed:
        requesting_user = ah.user
        if requesting_user.can_register_users:
            teacher_username = requesting_user.username
            college_group    = request.form["college"].strip()
            first_name       = request.form["first_name"].strip()
            last_name        = request.form["last_name"].strip()
            email            = request.form["email"].strip()
            team             = request.form["team"].strip()

            if College(college_group) not in requesting_user.colleges:
                return json.dumps({"error":"BAD_COLLEGE"}), 403

            if team not in [t.name for t in College(college_group).teams]:
                return json.dumps({"error":"BAD_TEAM"}), 403

            if User.name_used(first_name, last_name) or helpers.email_used(email):
                return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403

            u = User.create_new_user(requesting_user, college_group, first_name, last_name)
            verify_code = helpers.create_verify_code(u.username, email)

            pu = PendingUser(u.username)
            pu.teacher_username = teacher_username
            pu.college = college_group
            pu.email = email
            pu.team = team
            pu.verify_code = verify_code
            pu.save()

            url = url_for('activate_account', username=u.username, code=verify_code, _external=True)
            pu.send_welcome_email(first_name, url)

            rqu_email_vars = { 'name': requesting_user.first_name,
                      'pu_first_name': first_name,
                       'pu_last_name': last_name,
                        'pu_username': pu.username,
                         'pu_college': College(pu.college).name,
                           'pu_email': pu.email,
                            'pu_team': pu.team
                              }
            mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars)

            return "{}", 202
        else:
            return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}),403
    else:
        return ah.auth_error_json, 403
Beispiel #23
0
def test_post_sets_others_password():
    old_password = "******"

    params = {"username":"******",
              "password":"******",
              "new_password":"******",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200
    assert User("student_coll1_1")._user.bind("com")

    u = User("student_coll1_1")
    u.set_password(old_password)
    u.save()
Beispiel #24
0
def test_team_leader_can_become_student():
    # We need to test against another teacher, because team leaders demoting themselves is not allowed
    u = User("student_coll1_1")
    u.make_teacher()
    u.save()

    params = {"username": "******",
              "password": "******",
              "new_type": "student",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    assert not User("student_coll1_1").is_teacher
def test_registration_name_in_use():
    params = {"username":"******",
              "password":"******",
              "first_name":'student2', # student_coll1_2
              "last_name":'student',
              "email":"*****@*****.**",
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)

    status = r.status
    assert status == 403, data
    assert 'DETAILS_ALREADY_USED' in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user('1_ss1')
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser('1_ss1')
    assert not pending.in_db

    test_helpers.assert_no_emails()
def test_registration_bad_frist_name():
    params = {"username":"******",
              "password":"******",
              "first_name":NEW_USER_FNAME,
              "last_name":'2'+NEW_USER_LNAME,
              "email":"*****@*****.**",
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)

    assert r.status == 403
    assert 'BAD_LAST_NAME' in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user('1_rt1')
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser('1_rt1')
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #27
0
    def test_post_by_blueshirt(self):
        params = {"username": "******", "password": "******"}

        r, data = test_helpers.server_post(
            "/send-password-reset/student_coll1_1", params)

        self.assertEqual(202, r.status, data)

        user = User('student_coll1_1')

        ps = test_helpers.last_email()
        toaddr = ps.toaddr
        self.assertEqual(user.email, toaddr)

        vars = ps.template_vars
        self.assertEqual(user.first_name, vars['name'], "Wrong first name")
        self.assertEqual('Blue Shirt', vars['requestor_name'],
                         "Wrong requestor name")

        template = ps.template_name
        self.assertEqual('password_reset', template, "Wrong email template")

        test_helpers.assert_load_template(template, vars)

        ppr = PendingPasswordReset('student_coll1_1')
        self.assertTrue(ppr.in_db,
                        "{0} should been in the database.".format(ppr))
        self.assertEqual('blueshirt', ppr.requestor_username,
                         "Wrong requestor username.")

        self.assertIn(ppr.verify_code, vars['password_reset_url'],
                      "Wrong verify code")
Beispiel #28
0
def test_user_properties_team_leader():
    u = User.create_user("teacher_coll2", "noway")
    data = u.details_dictionary_for(u)

    assert data['is_team_leader']
    assert not data['is_student']
    assert not data['is_blueshirt']
Beispiel #29
0
def test_user_properties_student():
    u = User.create_user("student_coll1_1", "cows")
    data = u.details_dictionary_for(u)

    assert data['is_student']
    assert not data['is_team_leader']
    assert not data['is_blueshirt']
Beispiel #30
0
def test_authed_teacher_cant_see_other_students():
    a = User.create_user("teacher_coll1", "facebees")
    users = ["student_coll2_1", "student_coll2_2"]

    results = [a.can_administrate(user) for user in users]

    assert not any(results)
Beispiel #31
0
def test_authed_blueshirt_cant_see_other_students():
    a = User.create_user("blueshirt", "blueshirt")
    users = ["student_coll2_2", "student_coll2_1"]

    results = [a.can_administrate(user) for user in users]

    assert not any(results)
def test_registration_rq_from_student():
    test_helpers.delete_db()

    params = {"username":"******",
              "password":"******",
              "first_name":"register",
              "last_name":"this.user",
              "email":"*****@*****.**",
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)
    status = r.status
    assert status == 403
    assert 'YOU_CANT_REGISTER_USERS' in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user('2_rt1')
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser('2_rt1')
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #33
0
def test_post_any_blueshirt_can_record_student_media_consent():
    blueshirt_mcf = srusers.user('blueshirt-mcf')
    groups = blueshirt_mcf.groups()
    # Sanity check
    assert set(groups) == set(['mentors', 'media-consent-admin'])

    params = {
        "username": "******",
        "password": "******",
        "media_consent": 'true',
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200, (r.status, data)

    u = User("student_coll1_1")
    assert u.has_media_consent

    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    expected_addr = u.email
    assert toaddr == expected_addr

    vars = ps.template_vars
    first_name = u.first_name
    assert first_name == vars['first_name']

    template = ps.template_name
    assert template == 'ticket_available'

    test_helpers.assert_load_template(template, vars)
Beispiel #34
0
def test_authed_blueshirt_can_see_own_students():
    a = User.create_user("blueshirt", "blueshirt")
    users = ["student_coll1_1", "teacher_coll1"]

    results = [a.can_administrate(user) for user in users]

    assert all(results)
def test_registration_email_in_use():
    params = {"username":"******",
              "password":"******",
              "first_name":NEW_USER_FNAME,
              "last_name":NEW_USER_LNAME,
              "email":"*****@*****.**", # student_coll2_2
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)

    assert r.status == 403
    assert 'DETAILS_ALREADY_USED' in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user('1_rt1')
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser('1_rt1')
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #36
0
def send_password_reset(requesting_user, userid):
    user_to_update = User.create_user(userid)
    if not requesting_user.can_administrate(user_to_update):
        return AUTHORIZATION_DENIED

    verify_code = helpers.create_verify_code(user_to_update.username,
                                             requesting_user.username)

    ppr = PendingPasswordReset(user_to_update.username)
    ppr.requestor_username = requesting_user.username
    ppr.verify_code = verify_code
    ppr.save()

    log_action('sending password reset', ppr)

    url = url_for('reset_password',
                  username=user_to_update.username,
                  code=verify_code,
                  _external=True)
    ppr.send_reset_email(
        user_to_update.email,
        user_to_update.first_name,
        url,
        "{0} {1}".format(requesting_user.first_name,
                         requesting_user.last_name),
    )

    return "{}", 202
def test_registration_bad_frist_name():
    params = {"username":"******",
              "password":"******",
              "first_name":NEW_USER_FNAME,
              "last_name":'2'+NEW_USER_LNAME,
              "email":"*****@*****.**",
              "team":"team-ABC",
              "college":"college-1"}

    r,data = test_helpers.server_post("/registrations", params)

    assert r.status == 403
    assert 'BAD_LAST_NAME' in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user('1_rt1')
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser('1_rt1')
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #38
0
def test_registration_email_in_use():
    params = {
        "username": "******",
        "password": "******",
        "first_name": NEW_USER_FNAME,
        "last_name": NEW_USER_LNAME,
        "email": "*****@*****.**",  # student_coll2_2
        "team": "team-ABC",
        "college": "college-1",
    }

    r, data = test_helpers.server_post("/registrations", params)

    assert r.status == 403
    assert "DETAILS_ALREADY_USED" in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user("1_rt1")
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser("1_rt1")
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #39
0
def test_post_sets_own_password():
    old_password = "******"
    new_password = '******'

    params = {"username":"******",
              "password":old_password,
              "new_password":new_password,
              }

    r,data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    u.set_password(old_password)
    u.save()
Beispiel #40
0
def test_registration_rq_from_student():
    test_helpers.delete_db()

    params = {
        "username": "******",
        "password": "******",
        "first_name": "register",
        "last_name": "this.user",
        "email": "*****@*****.**",
        "team": "team-ABC",
        "college": "college-1",
    }

    r, data = test_helpers.server_post("/registrations", params)
    status = r.status
    assert status == 403
    assert "YOU_CANT_REGISTER_USERS" in data
    assert len(test_helpers.get_registrations()) == 0

    try:
        created = User.create_user("2_rt1")
        assert False, "Should not have created user"
    except:
        pass

    pending = PendingUser("2_rt1")
    assert not pending.in_db

    test_helpers.assert_no_emails()
Beispiel #41
0
def test_college_set_in_user():
    u = User.create_user('st_user1')

    u.set_college(NEW_COLLEGE_NAME)
    u.save()

    u_colleges = u.colleges
    assert set(u_colleges) == set([NEW_COLLEGE_NAME])
Beispiel #42
0
def clear_old_registrations():
    # deliberately a larger delta than we restrict against to avoid
    # accidentally removing vaild entries
    activation_days = config.getint('nemesis', 'activation_days')
    activation_days += 0.5
    max_age = timedelta(days = activation_days)

    for pu in PendingUser.ListAll():
        if pu.age > max_age:
            log_action('expiring registration', pu)
            pu.delete()
            expired = User(pu.username)
            expired.delete()

            inform_competitor_registration_expired(pu.email, expired)
            team_leader = User(pu.teacher_username)
            inform_team_lead_registration_expired(team_leader, expired)
Beispiel #43
0
def test_team_set_in_user():
    u = User.create_user('st_user1')

    u.set_team(NEW_TEAM_NAME)
    u.save()

    u_teams = [t.name for t in u.teams]
    assert set(u_teams) == set([NEW_TEAM_NAME])
Beispiel #44
0
def clear_old_registrations():
    # deliberately a larger delta than we restrict against to avoid
    # accidentally removing vaild entries
    activation_days = config.getint('nemesis', 'activation_days')
    activation_days += 0.5
    max_age = timedelta(days=activation_days)

    for pu in PendingUser.ListAll():
        if pu.age > max_age:
            log_action('expiring registration', pu)
            pu.delete()
            expired = User(pu.username)
            expired.delete()

            inform_competitor_registration_expired(pu.email, expired)
            team_leader = User(pu.teacher_username)
            inform_team_lead_registration_expired(team_leader, expired)
Beispiel #45
0
def test_team_set_in_user():
    u = User.create_user('st_user1')

    u.set_team(NEW_TEAM_NAME)
    u.save()

    u_teams = [t.name for t in u.teams]
    assert set(u_teams) == set([NEW_TEAM_NAME])
def test_college_set_in_user():
    u = User.create_user('st_user1')

    u.set_college(NEW_COLLEGE_NAME)
    u.save()

    u_colleges = u.colleges
    assert set(u_colleges) == set([NEW_COLLEGE_NAME])
Beispiel #47
0
def test_activate_success():
    username = '******'

    rq_user = User.create_user("teacher_coll1", "facebees")
    cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
    assert cu.username == username

    pu = create_pending_user(username)
    pu.save()

    r,data = test_helpers.server_get("/activate/" + username + "/bibble")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email
    assert pu.email == email
    teams = [t.name for t in u.teams]
    assert pu.team in teams
    colleges = u.colleges
    assert pu.college in colleges

    students = srusers.group('students').members
    assert username in students

    pu = PendingUser(username)
    assert not pu.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    tl_email = rq_user.email
    assert toaddr == tl_email

    vars = ps.template_vars
    tl_name = rq_user.first_name
    assert tl_name == vars['name']
    first_name = cu.first_name
    assert first_name == vars['au_first_name']
    last_name = cu.last_name
    assert last_name == vars['au_last_name']
    assert username == vars['au_username']

    template = ps.template_name
    assert template == 'user_activated_team_leader'
Beispiel #48
0
def test_activate_success():
    username = '******'

    rq_user = User.create_user("teacher_coll1", "facebees")
    cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
    assert cu.username == username

    pu = create_pending_user(username)
    pu.save()

    r, data = test_helpers.server_get("/activate/" + username + "/bibble")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email
    assert pu.email == email
    teams = [t.name for t in u.teams]
    assert pu.team in teams
    colleges = u.colleges
    assert pu.college in colleges

    students = srusers.group('students').members
    assert username in students

    pu = PendingUser(username)
    assert not pu.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    tl_email = rq_user.email
    assert toaddr == tl_email

    vars = ps.template_vars
    tl_name = rq_user.first_name
    assert tl_name == vars['name']
    first_name = cu.first_name
    assert first_name == vars['au_first_name']
    last_name = cu.last_name
    assert last_name == vars['au_last_name']
    assert username == vars['au_username']

    template = ps.template_name
    assert template == 'user_activated_team_leader'
Beispiel #49
0
def test_team_leader_can_set_team_leader():
    params = {"username": "******",
              "password": "******",
              "new_type": "team-leader",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    is_teacher = u.is_teacher

    # Clean up
    u.make_student()
    u.save()

    # now assert (ensures the clean-up occurs)
    assert is_teacher
Beispiel #50
0
def test_team_set_in_db():
    u = User.create_user('st_user1')

    u.set_team(NEW_TEAM_NAME)
    u.save()

    sru = srusers.user('st_user1')
    sru_groups = sru.groups()
    assert set(sru_groups) == set([NEW_TEAM_NAME, 'st_other_group'])
def test_college_set_in_db():
    u = User.create_user('st_user1')

    u.set_college(NEW_COLLEGE_NAME)
    u.save()

    sru = srusers.user('st_user1')
    sru_groups = sru.groups()
    assert set(sru_groups) == set([NEW_COLLEGE_NAME, 'st_other_group'])
Beispiel #52
0
def test_team_set_in_db():
    u = User.create_user('st_user1')

    u.set_team(NEW_TEAM_NAME)
    u.save()

    sru = srusers.user('st_user1')
    sru_groups = sru.groups()
    assert set(sru_groups) == set([NEW_TEAM_NAME, 'st_other_group'])
Beispiel #53
0
def test_post_teacher_sets_team():
    old_team = "team-ABC"
    new_team = "team-DFE"

    params = {"username":"******",
              "password":"******",
              "new_team":new_team,
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    teams = [t.name for t in u.teams]
    assert [new_team] == teams

    u.set_team(old_team)
    u.save()
Beispiel #54
0
def test_college_set_in_db():
    u = User.create_user('st_user1')

    u.set_college(NEW_COLLEGE_NAME)
    u.save()

    sru = srusers.user('st_user1')
    sru_groups = sru.groups()
    assert set(sru_groups) == set([NEW_COLLEGE_NAME, 'st_other_group'])
def test_verify_success():
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"

    setup_new_email('student_coll1_1', new_email, 'bees')

    r,data = test_helpers.server_get("/verify/" + username + "/bees")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email

    # restore the original first
    u.set_email(old_email)
    u.save()

    assert email == new_email
Beispiel #56
0
def email_used(email):
    if User.email_used(email):
        return True

    if any(pe.new_email == email for pe in PendingEmail.ListAll()):
        return True

    if any(pu.email == email for pu in PendingUser.ListAll()):
        return True

    return False
def test_make_student():
    u = User.create_user('st_user1')
    u.make_student()
    u.save()

    assert not u.is_teacher

    students = srusers.group('students').members
    assert 'st_user1' in students

    teachers = srusers.group('teachers').members
    assert 'st_user1' not in teachers
Beispiel #58
0
def test_details_dictionary_for_team_leader_member():
    u = User.create_user("teacher_coll1", "facebees")
    data = assert_college_1_details_dictionary_for(u)

    expected_users = [
        "teacher_coll1",
        "student_coll1_1",
        "student_coll1_2",
        "withdrawn_student",
    ]
    actual_users = data["users"]
    assert actual_users == expected_users
Beispiel #59
0
def reset_password(username, code):
    """
    Resets a user's password after they've clicked a link in an email we
    sent them, then serves up a page for them to change their password.
    Not part of the documented API.
    """

    ppr = PendingPasswordReset(username)

    if not ppr.in_db:
        return "No such user account", 404, PLAINTEXT_HEADER

    if ppr.age > timedelta(days = PASSWORD_RESET_DAYS):
        return "Request not valid", 410, PLAINTEXT_HEADER

    if ppr.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('resetting user password', ppr)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_password(new_pass)
    # No need to save since set_password happens immediately

    ppr.delete()

    html = open(PATH + "/templates/password_reset.html").read()
    replacements = { 'first_name': u.first_name
                   ,  'last_name': u.last_name
                   ,   'password': new_pass
                   ,   'username': username
                   ,       'root': url_for('.index')
                   }

    html = html.format(**replacements)

    return html, 200, CSP_HEADER
Beispiel #60
0
def user_details(userid):
    ah = AuthHelper(request)
    if ah.auth_will_succeed and ah.user.can_administrate(userid):
        user = User.create_user(userid)
        details = user.details_dictionary_for(ah.user)
        email_change_rq = PendingEmail(userid)
        if email_change_rq.in_db:
            new_email = email_change_rq.new_email
            if new_email != details['email']:
                details['new_email'] = new_email
        return json.dumps(details), 200
    else:
        return ah.auth_error_json, 403